RabbitMQ 3.3.0 Can not login with Open Ldap

RabbitMQ 3.3.0 Can not login with Open Ldap

dwang7630
Dear All,
I'm configuring the LDAP plugin for RabbitMQ 3.3.0, and these are the contents of the config file:

[
  {rabbit, [
     {tcp_listeners, [{"172.16.1.10",5672}]},
     {ssl_listeners, [{"172.16.1.10",5671}]},
     {ssl_options, [{cacertfile,"/etc/rabbitmq/ssl/nvca/cacert.pem"},
                    {certfile,"/etc/rabbitmq/ssl/server/cert.pem"},
                    {keyfile,"/etc/rabbitmq/ssl/server/key.pem"},
                    {verify,verify_none},
                    {fail_if_no_peer_cert,false}]},
     {heartbeat, 15},
     {vm_memory_high_watermark_paging_ratio, 0.75},
     {vm_memory_high_watermark, 0.4},
     {auth_backends, [{rabbit_auth_backend_ldap, rabbit_auth_backend_internal},
                          rabbit_auth_backend_internal]},
     {disk_free_limit, 40000000000}
  ]},
  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["10.0.10.10"]},
     {user_dn_pattern,       "cn=${username},dc=scholar,dc=com"},
     {dn_lookup_base,        "dc=scholar,dc=com"},
     {other_bind,           {"cn=manager,cn=internal,dc=scholar,dc=com","eRwFTGDFTooNI5ca"}},
     {use_ssl,               false},
     {port,                  389},
     {log,                   network},
     {tag_queries,           [{administrator, {constant, true}},
                                    {management,    {constant, true}}]}
   ]
  }
].

After that, I tried to log in, but it failed. This is the log file:

=INFO REPORT==== 20-May-2014::02:39:58 ===
Server startup complete; 10 plugins started.
 * amqp_client
 * eldap
 * mochiweb
 * rabbitmq_auth_backend_ldap
 * rabbitmq_auth_mechanism_ssl
 * rabbitmq_federation_management
 * rabbitmq_management
 * rabbitmq_management_agent
 * rabbitmq_web_dispatch
 * webmachine
=INFO REPORT==== 20-May-2014::02:40:04 ===
LDAP CHECK: login for david.wang
=INFO REPORT==== 20-May-2014::02:40:04 ===
        LDAP filling template "cn=${username},dc=scholar,dc=com" with
            [{username,<<"david.wang">>}]
=INFO REPORT==== 20-May-2014::02:40:04 ===
        LDAP template result: "cn=david.wang,dc=scholar,dc=com"
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP connecting to servers: ["10.0.10.10"]
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP network traffic: bind request = {'BindRequest',3,
                                          "cn=david.wang,dc=scholar,dc=com",
                                          {simple,<<"abc123a@">>}}
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP network traffic: bind reply = {ok,
                                        {'LDAPMessage',1,
                                         {bindResponse,
                                          {'BindResponse',invalidCredentials,
                                           [],[],asn1_NOVALUE,asn1_NOVALUE}},
                                         asn1_NOVALUE}}
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP bind returned "invalid credentials": cn=david.wang,dc=scholar,dc=com
=INFO REPORT==== 20-May-2014::02:40:04 ===
LDAP DECISION: login for david.wang: denied
=ERROR REPORT==== 20-May-2014::02:40:04 ===
webmachine error: path="/api/whoami"
"Unauthorized"

I read "Common errors encountered when using OpenLDAP Software" on the openldap.org website.
I learned that the error usually occurs when the credentials (password) provided do not match the userPassword held in the entry you are binding to, or the error can also occur when the bind DN specified is not known to the server.
After that I checked both, but they are correct.

This is the LDAP information
LDAP Base DN dc=scholar,dc=com
LDAP Bind DN cn=manager,cn=internal,dc=scholar,dc=com
LDAP Bind Password eRwFTGDFTooNI5ca

Anybody help me please.
Thanks & Regards...!!! 

_______________________________________________
rabbitmq-discuss mailing list
[hidden email]
https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss

Re: RabbitMQ 3.3.0 Can not login with Open Ldap

Simon MacMullen-2
On 20/05/2014 11:45AM, [hidden email] wrote:
> *I'm read "Common errors encountered when using OpenLDAP Software" on
> website openldap.org.
> *
> *And know The error usually occurs when the credentials (password)
> provided does not match the userPassword held in entry you are binding
> to, or the error can also occur when the bind DN specified is not known
> to the server.*
> *After that i'm check both, but it's correct.*

Hmm. The thing is, you *are* getting this:

> =INFO REPORT==== 20-May-2014::02:40:04 ===
>     LDAP network traffic: bind request = {'BindRequest',3,
>                                           "cn=david.wang,dc=scholar,dc=com",
>                                           {simple,<<"abc123a@">>}}
> =INFO REPORT==== 20-May-2014::02:40:04 ===
>     LDAP network traffic: bind reply = {ok,
>                                         {'LDAPMessage',1,
>                                          {bindResponse,
>                                           {'BindResponse',invalidCredentials,
>                                            [],[],asn1_NOVALUE,asn1_NOVALUE}},
>                                          asn1_NOVALUE}}

That really is the LDAP server saying your credentials are invalid. Can
you connect using these credentials using any other LDAP client? (e.g.
Apache Directory Studio, ldapsearch, whatever)

Cheers, Simon

--
Simon MacMullen
RabbitMQ, Pivotal

Re: RabbitMQ 3.3.0 Can not login with Open Ldap

dwang7630
In reply to this post by dwang7630
Dear All,
I tried to log in to RabbitMQ and the LDAP bind returned success, but I cannot log in. This is the log file:

=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP CHECK: login for David Wang
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP filling template "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com" with
            [{username,<<"David Wang">>}]
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP template result: "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com"
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP connecting to servers: ["quantedge.vn"]
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind request = {'BindRequest',3,
                                          "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com",
                                          {simple,<<"321`Rewq">>}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind reply = {ok,
                                        {'LDAPMessage',1,
                                         {bindResponse,
                                          {'BindResponse',success,[],[],
                                           asn1_NOVALUE,asn1_NOVALUE}},
                                         asn1_NOVALUE}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP bind succeeded: cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP filling template "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com" with
            [{username,<<"David Wang">>}]
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP template result: "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com"
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP CHECK: does David Wang have tag administrator?
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluating query: {constant,true}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluated constant: true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP DECISION: does David Wang have tag administrator? true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP CHECK: does David Wang have tag management?
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluating query: {constant,true}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluated constant: true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP DECISION: does David Wang have tag management? true
=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP DECISION: login for David Wang: ok
=ERROR REPORT==== 23-May-2014::16:49:53 ===
webmachine error: path="/api/whoami"
"Unauthorized"

I used the ldapsearch command to find uid=david.wang:

dn: cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com
uidNumber: 1311
gidNumber: 63000
homeDirectory: /home/david.wang
pcnSHAPassword: {sha}**********************
pcnMicrosoftNTPassword: *********************
pcnMicrosoftLanmanPassword: *******************
pcnWebconfigFlag: TRUE
givenName: David
sn: Wang
.
.
.
pcnProxyFlag: TRUE
pcnOpenVPNFlag: TRUE
pcnPPTPFlag: TRUE
pcnWebFlag: TRUE
loginShell: /bin/bash
pcnFTPFlag: FALSE
pcnMailFlag: FALSE
pcnGoogleAppsFlag: FALSE
uid: david.wang
cn: David Wang

And these are the contents of the LDAP config:

  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["10.0.10.10"]},
     {user_dn_pattern,       "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com"},
     {dn_lookup_base,        "dc=scholar,dc=com"},
     {other_bind,           {"cn=manager,cn=internal,dc=scholar,dc=com","eRwFTGDFTooNI5ca"}},
     {use_ssl,               false},
     {port,                  389},
     {log,                   network},
     {vhost_access_query,    {in_group,
                              "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
     {resource_access_query,
      {for, [{permission, configure, {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
             {permission, write,
              {for, [{resource, queue,    {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
                     {resource, exchange, {constant, true}}]}},
             {permission, read,
              {for, [{resource, exchange, {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
                     {resource, queue,    {constant, true}}]}}
            ]
      }},
     {tag_queries,           [{administrator, {constant, true}},
                              {management,    {constant, true}}]}
   ]
  }

Anybody Help me please ...!!!
Thanks so much


Re: RabbitMQ 3.3.0 Can not login with Open Ldap

dwang7630
In reply to this post by dwang7630
Dear All,
I tried to log in to RabbitMQ and the LDAP bind returned success, but I cannot log in. This is the log file:

=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP CHECK: login for David Wang
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP filling template "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com" with
            [{username,<<"David Wang">>}]
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP template result: "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com"
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP connecting to servers: ["10.0.10.10"]
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind request = {'BindRequest',3,
                                          "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com",
                                          {simple,<<"321`Rewq">>}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind reply = {ok,
                                        {'LDAPMessage',1,
                                         {bindResponse,
                                          {'BindResponse',success,[],[],
                                           asn1_NOVALUE,asn1_NOVALUE}},
                                         asn1_NOVALUE}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP bind succeeded: cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP filling template "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com" with
            [{username,<<"David Wang">>}]
=INFO REPORT==== 23-May-2014::16:49:53 ===
        LDAP template result: "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com"
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP CHECK: does David Wang have tag administrator?
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluating query: {constant,true}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluated constant: true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP DECISION: does David Wang have tag administrator? true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP CHECK: does David Wang have tag management?
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluating query: {constant,true}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP evaluated constant: true
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP DECISION: does David Wang have tag management? true
=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP DECISION: login for David Wang: ok
=ERROR REPORT==== 23-May-2014::16:49:53 ===
webmachine error: path="/api/whoami"
"Unauthorized"

I used the ldapsearch command to find uid=david.wang:

dn: cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com
uidNumber: 1311
gidNumber: 63000
homeDirectory: /home/david.wang
pcnSHAPassword: {sha}**********************
pcnMicrosoftNTPassword: *********************
pcnMicrosoftLanmanPassword: *******************
pcnWebconfigFlag: TRUE
givenName: David
sn: Wang
.
.
.
pcnProxyFlag: TRUE
pcnOpenVPNFlag: TRUE
pcnPPTPFlag: TRUE
pcnWebFlag: TRUE
loginShell: /bin/bash
pcnFTPFlag: FALSE
pcnMailFlag: FALSE
pcnGoogleAppsFlag: FALSE
uid: david.wang
cn: David Wang

And these are the contents of the LDAP config:

  {rabbitmq_auth_backend_ldap,
   [ {servers,               ["10.0.10.10"]},
     {user_dn_pattern,       "cn=${username},ou=Users,ou=Accounts,dc=scholar,dc=com"},
     {dn_lookup_base,        "dc=scholar,dc=com"},
     {other_bind,           {"cn=manager,cn=internal,dc=scholar,dc=com","eRwFTGDFTooNI5ca"}},
     {use_ssl,               false},
     {port,                  389},
     {log,                   network},
     {vhost_access_query,    {in_group,
                              "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
     {resource_access_query,
      {for, [{permission, configure, {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
             {permission, write,
              {for, [{resource, queue,    {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
                     {resource, exchange, {constant, true}}]}},
             {permission, read,
              {for, [{resource, exchange, {in_group, "ou=Users,ou=Accounts,dc=scholar,dc=com"}},
                     {resource, queue,    {constant, true}}]}}
            ]
      }},
     {tag_queries,           [{administrator, {constant, true}},
                              {management,    {constant, true}}]}
   ]
  }

Anybody Help me please ...!!!
Thanks so much


Re: RabbitMQ 3.3.0 Can not login with Open Ldap

Matthias Radestock-3
On 23/05/14 11:13, [hidden email] wrote:
> *I'm try login to RabbitMQ, LDAP bind have return success. But I can not
> login, and  this is the log file*

What error does the HTTP response contain?

Matthias.
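
One way to triage `{log, network}` output like the two excerpts in this thread, and to blank the bind password it records before the log is shared. This is an added example, not part of the original thread or of RabbitMQ; the sample log is constructed in the thread's report format with placeholder passwords, and `attempts` and `redact` are hypothetical helper names.

```python
import re

# Constructed sample in the thread's report format; passwords are placeholders.
SAMPLE = '''=INFO REPORT==== 20-May-2014::02:40:04 ===
LDAP CHECK: login for david.wang
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP network traffic: bind request = {'BindRequest',3,
        "cn=david.wang,dc=scholar,dc=com",{simple,<<"placeholder-1">>}}
=INFO REPORT==== 20-May-2014::02:40:04 ===
    LDAP network traffic: bind reply = {ok,{'LDAPMessage',1,{bindResponse,
        {'BindResponse',invalidCredentials,[],[],asn1_NOVALUE,asn1_NOVALUE}},asn1_NOVALUE}}
=INFO REPORT==== 20-May-2014::02:40:04 ===
LDAP DECISION: login for david.wang: denied
=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP CHECK: login for David Wang
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind request = {'BindRequest',3,
        "cn=David Wang,ou=Users,ou=Accounts,dc=scholar,dc=com",{simple,<<"placeholder-2">>}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
    LDAP network traffic: bind reply = {ok,{'LDAPMessage',1,{bindResponse,
        {'BindResponse',success,[],[],asn1_NOVALUE,asn1_NOVALUE}},asn1_NOVALUE}}
=INFO REPORT==== 23-May-2014::16:49:53 ===
LDAP DECISION: login for David Wang: ok
=ERROR REPORT==== 23-May-2014::16:49:53 ===
webmachine error: path="/api/whoami"
"Unauthorized"
'''

EVENT = re.compile(r'LDAP CHECK: login for (?P<user>.+)'
    r'|bind request = \{\'BindRequest\',\d+,\s*"(?P<dn>[^"]*)"'
    r'|\'BindResponse\',(?P<bind>\w+)'
    r'|LDAP DECISION: login for .+: (?P<decision>\w+)'
    r'|webmachine error: path="(?P<path>[^"]*)"\s*"(?P<http>[^"]*)"')
SECRET = re.compile(r'(\{simple,\s*<<)(?:"(?:[^"\\]|\\.)*"|[^>]*)(>>\})')

def redact(log):
    """Blank the simple-bind password that the bind request report shows in clear."""
    return SECRET.sub(r'\1"[REDACTED]"\2', log)

def attempts(log):
    """One dict per 'LDAP CHECK: login', filled from the reports that follow it."""
    out = []
    for m in EVENT.finditer(log):
        found = {k: v.strip() for k, v in m.groupdict().items() if v}
        if 'user' in found:
            out.append(found)
        elif out:
            out[-1].update(found)
    return out
```

For the second attempt the result shows a successful bind and an `ok` decision followed by the `Unauthorized` on `/api/whoami`, so the LDAP log alone does not explain the failure.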